A healthcare software company is storing highly sensitive patient records on Amazon S3. To comply with regulatory standards, they need to ensure that the data is encrypted while it is stored on the cloud. Which service feature should the company use to achieve this requirement?
Activating AWS Shield Advanced for the S3 buckets containing patient records
Using Amazon Macie to automatically classify and encrypt the patient records
Implementing SSL/TLS to encrypt data in transit to and from Amazon S3
Enabling server-side encryption with Amazon S3-managed encryption keys (SSE-S3)
Amazon S3 server-side encryption (SSE) allows users to encrypt data at rest. The company is required to encrypt the sensitive records while they are stored, which refers to encryption at rest. AWS Key Management Service (KMS) managed keys (SSE-KMS), customer-provided keys (SSE-C), and Amazon S3-managed keys (SSE-S3) are all valid encryption options for data at rest. The correct answer is 'Enabling server-side encryption with Amazon S3-managed encryption keys (SSE-S3)' because it directly pertains to data at rest. Enabling encryption in transit (by utilizing HTTPS for data transfer) does not apply to data at rest, and ‘AWS Shield Advanced’ is primarily used for protection against Distributed Denial of Service (DDoS) attacks, not for encrypting data.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Server-Side Encryption (SSE) in Amazon S3?
Open an interactive chat with Bash
What are the different types of encryption options available for data at rest in Amazon S3?
Open an interactive chat with Bash
What are the implications of not encrypting sensitive data stored in the cloud?
Open an interactive chat with Bash
AWS Cloud Practitioner CLF-C02
Security and Compliance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access